World

Twitter hacking confirms fears about its security and reliability

This article is more than 12 months old

Accounts of a number of celebrated names hacked, raising fears in run-up to US election in November

SAN FRANCISCO/WASHINGTONThe extraordinary hacking spree that hit Twitter on Wednesday, leading it to briefly muzzle some of its most widely followed accounts, is drawing questions about the platform's security and resilience in the run-up to the US presidential election.

Twitter said late on Wednesday that hackers obtained control of employee credentials to hijack accounts including those of US Democratic presidential candidate Joe Biden, former president Barack Obama, reality television star Kim Kardashian, tech billionaire and Tesla founder Elon Musk, Amazon founder Jeff Bezos, investor Warren Buffett, Microsoft co-founder Bill Gates and the corporate accounts for Uber and Apple.

In tweets, the company said: "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."

The hackers "used this access to take control of many highly-visible accounts and tweet on their behalf".

The statements confirmed the fears of security experts that the service itself had been compromised.

Twitter's role as a critical platform for political candidates and public officials has led to fears that hackers could wreak havoc on the Nov 3 US presidential election or compromise national security.

Mr Adam Conner, vice-president for technology policy at the Centre for American Progress, a liberal think-tank, tweeted: "This is bad on July 15 but would be infinitely worse on Nov 3."

Posing as celebrities and the wealthy, the hackers asked followers to send bitcoin to a series of addresses. By evening, 400 bitcoin transfers were made worth a combined US$120,000 (S$167,000).

Half of the victims had funds in US bitcoin exchanges, a quarter in Europe and a quarter in Asia, according to forensics company Elliptic. Those transfers left history that could help investigators identify the perpetrators. The financial damage may be limited because some exchanges blocked other payments.

The damage to Twitter's reputation may be more serious. Most troubling to some was how long the company took to stop the bad tweets.

"Twitter's response to this hack was astonishing. It's the middle of the day in San Francisco, and it takes them five hours to get a handle on the incident," said Mr Dan Guido, chief executive of security company Trail of Bits.

An even worse scenario was the bitcoin fraud was a distraction for more serious hacking, such as harvesting the direct messages of account holders.

Mass compromises of Twitter accounts via theft of employee credentials or problems with third-party applications many users employ have occurred before. Wednesday's hack was the worst to date.

Several users with two-factor authentication said they were powerless to stop it.

"If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction," said Mr Michael Borohovski, director of software engineering at security company Synopsys. - REUTERS

WORLD